[Openstack-security] [Bug 1118066] Re: Nova should confirm quota requests against Keystone

Matt Riedemann mriedem at us.ibm.com
Tue Oct 6 19:11:54 UTC 2015 

Also, confirmed that you can pass a random uuid to nova quota-show and
it will just return default quotas:

http://paste.openstack.org/show/475512/

Which is misleading if that project doesn't exist, but if you try
updating it with the current behavior it will create the quotas entry in
the db as detailed in comment 24.

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1118066

Title:
  Nova should confirm quota requests against Keystone

Status in OpenStack Compute (nova):
  Confirmed

Bug description:
  os-quota-sets API should check requests for /v2/:tenant/os-quota-sets/
  against Keystone to ensure that :tenant does exist.

  POST requests to a non-existant tenant should fail with a 400 error
  code.

  GET requests to a non-existant tenant may fail with a 400 error code.
  Current behavior is to return 200 with the default quotas. A slightly
  incompatible change would be to return a 302 redirect to /v2/:tenant
  /os-quota-sets/defaults in this case.

  Edit (2014-01-22)

  Original Description
  --------------------
  GET /v2/:tenant/os-quota-sets/:this_tenant_does_not_exist
  returns 200 with the default quotas.

  Moreover
  POST /v2/:tenant/os-quota-sets/:this_tenant_does_not_exist
  with updated quotas succeeds and that metadata is saved!

  I'm not sure if this is a bug or not. I cannot find any documentation
  on this interface.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1118066/+subscriptions

More information about the Openstack-security mailing list